Presentation is loading. Please wait.

Presentation is loading. Please wait.

Switch off your Mobiles Phones or Change Profile to Silent Mode.

Published byAshlyn Ford Modified over 8 years ago

Similar presentations

Presentation on theme: "Switch off your Mobiles Phones or Change Profile to Silent Mode."— Presentation transcript:

1 Switch off your Mobiles Phones or Change Profile to Silent Mode

2 Database Security

3 Objective of Database Security Widespread use of multi user database systems has increased productivity and efficiency for many organisations. However, it also exposes these organisations to greater vulnerability of the databases being misused. The overall objective of database security is to protect data in the databases against unauthorised use, disclosure, alteration or destruction.

4 Database Security vs Integrity Different Concepts Database Security How to protect data from unauthorised use Only authorised users are permitted to use the database They do so under the access control imposed by the system Database Integrity How to ensure accuracy or validity of data Entity integrity, domain integrity, referential integrity rules Other user defined, application specific integrity rules

5 Database Security vs Integrity Common Features The database systems must be aware of constraints that users must not violate These constraints must be specified by DBA in some suitable language These constraints must be maintained in the system catalogue The DBMS must monitor user operations in order to ensure that the constraints are properly enforced

6 Issued to be Considered General Concerns Legal, Social Ethical Issues Whether a person has a legal right to access the information Data Protection Act to ensure proper control of access to personal/confidential information Policy Issues What is the company scheme to protect its database

7 Issued to be Considered Hardware Issues Physical security of the computer system and the reliability of the hardware Software Issues Reliability of Operating systems used

8 Issued to be Considered Database specific Concerns Unauthorised used of the database, either deliberately or accidentally Unauthorised users attempting access to the database Authorised users attempting unauthorised operations on certain data objects Data encryption provides additional protection for sensitive data during transmission

9 Access Request In the context of database security, an access request / access right contains three aspects User – who is requesting access Operation – what operation is requested (select, insert, delete, update) Data object – what data object is requested Typically, users will have different access rights on various data objects in a database

10 Granularity of Data Objects Depending on the security schemes used, the scope of data objects ranges from: Entire database A set of relations A set of tuples / columns A particular attribute value within a tuple

11 Identification and Authentication Authorisation subsystem Provided by database security mechanism to check and verify user’s identity for ensuring the security of the database against unauthorised access Before accessing database a user must Identify themselves Authenticate their identification Additional identification & authentication may further be required during session Cash point, oracle log in, finger prints retina scans etc.

12 Two Main Approaches Two main approaches to database security, depending on the type of objects (user or data) through which the access control is exercised Discretionary Access Control Control is exercised by assigning users different access rights (privileges / authorities) on different data objects Mandatory Access Control Control is exercised by assigning data objects different classification levels and assigning user different clearance levels

13 Discretionary Access Control Discretionary Access Control (DAC) provide flexibility in allowing access to database DACs protect unstructured work in progress DAC objects contain information protected by Mandatory Access Control (MAC) DAC also includes privileges associated with email DAC labels are derived from MAC labels Access decisions in DAC do not take into account user’s role or program’s functionality

14 Discretionary Access Control There are various methods used in Discretionary Access Control Access Matrix Use table(s) to specify access privilege for different users on different data objects Security Rules Use a suitable language to specify user’s access rights

15 Discretionary Access Control – Access Matrix

16 An Access Matrix may contain many empty cells, so its information could be stored as user profiles or object profiles User Profiles (from the example) User Atable1:select; table1, attr2:update; table2:select User Btable1,attr1:select; table2:select; table2, attr1:update Object Profiles (from the example) Table 1userA:select Table 2userA:select; userB:select; userD:insert

17 Discretionary Access Control – Security Rules Supported by SQL standard and facilitated by two statements GRANT and REVOKE GRANT – Definition of Security Rules GRANT operation ON data object TO user(s) Violation response

18 Discretionary Access Control – Security Rules Some examples Value independent rules GRANT SELECT ON TABLE Employee TO Ram, Shyam, Hari; Value dependent rules GRANT SELECT ON TABLE Supplier where Supplier-city = ‘London’ TO Ganesh; Context dependent rules GRANT UPDATE ON TABLE Product WHEN Day() in (‘Mon’, ‘Tue’, ‘Wed’, ‘Thu’, ‘Fri’) AND Now() >= Time ‘09:00:00’ AND NOW() >= Time ‘17:00:00’ TO Order-Dept;

19 Discretionary Access Control – Security Rules Violation Response GRANT SELECT ON TABLE Employee TO Ram ON attempted violation Reject; REVOKE – Deletion of Security Rules REVOKE SELECT ON TABLE Employee TO Ram; REVOKE UPDATE ON TABLE Employee TO Ram; REVOKE DELETE ON TABLE Employee TO Ram; REVOKE INSERT ON TABLE Employee TO Ram; Or REVOKE SELECT, INSERT ON TABLE Employee TO Ram; REVOKE ALL ON TABLE Employee TO Ram;

20 Mandatory Access Control Why Mandatory Access Control (MAC) is needed? Enhances security of database Gives consistent view of operations General rule is all allowed accesses are provided by MAC Access that is not part of MAC is Discretionary Access Control (DAC) MAC adds to complexity

21 Mandatory Access Control MAC is used for type enforcement (TE) as is done in programming languages MAC protects organizational data MAC deals with database queries, reports and statistical studies Data protection for a class is determined by its label Relabel privileges follow a set of rules since label makes a difference in access

22 Mandatory Access Control Relabels are used for declassification of existing objects or for approvability Relabels do not allow changing or observing the content Information flow is specified between MAC labels Information flow restrictions are essential for maintaining confidentiality

23 Mandatory Access Control Examples: Official reports (DAC permission allows DAC copy) Statistical analysis of medical records (providers and researchers have different view of same data) Accounting records (updated by structured programs and accessed by unstructured programs)

24 Mandatory Access Control Key Points of the scheme Each data objects is assigned a classification level Each user is assigned a clearance level Users with a clearance level I can only access data objects whose classification level j is lower than or equal to i. The classification and clearance levels have the same number of possibilities These levels form a strict ordering hierarchy

25 Mandatory Access Control – Security Classification Method Example

26 Mandatory Access Control – Security Classification Method According to the information given in the tables: What is a manager’s access right? Select tables 1 and 2; Update table 2 and attributes 1 and 2 of table 1 Delete table 2 and attribute 2 of table 1 Is a manager allowed to delete a data item from the attribute 1 of Table 1? No Who can select attribute 1 of Table 2? Everyone

27 Comparison Discretionary Access Control More widely used due to its flexibility Supported by current SQL standard Mandatory Access Control With more rigid structure Suitable for organisations with strict requirement for security and hierarchy (e.g. Government, defence systems, for sensitive / classified information)

28 Any Questions?

Download ppt "Switch off your Mobiles Phones or Change Profile to Silent Mode."

Similar presentations

Operating System Security

Operating System Security
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Administration, Integrity and Performance.

Database Administration, Integrity and Performance.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.

Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Data security 1. 2 Overview  generalities  discretionary access control  mandatory access control  data encryption.

Data security 1. 2 Overview  generalities  discretionary access control  mandatory access control  data encryption.
Database Security - Farkas 1 Database Security and Privacy.

Database Security - Farkas 1 Database Security and Privacy.
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Security Fall 2006McFadyen ACS-49021 How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.

Security Fall 2006McFadyen ACS How do we protect the database from unauthorized access? Who can see employee salaries, student grades, … ? Who can.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
Concepts of Database Management Sixth Edition

Concepts of Database Management Sixth Edition
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
IS 4420 Database Fundamentals Chapter 12: Data and Database Administration Leon Chen.

IS 4420 Database Fundamentals Chapter 12: Data and Database Administration Leon Chen.
Database Features Lecture 2. Desirable features in an information system Integrity Referential integrity Data independence Controlled redundancy Security.

Database Features Lecture 2. Desirable features in an information system Integrity Referential integrity Data independence Controlled redundancy Security.
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.

View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Similar presentations

Ads by Google